Enterprise Insights

Attacks Skyrocket as Hackers Exploit Old Techniques

A new year-in-review report from Symantec holds some bad news for security administrators. Although the number of brand-new attacks decreased last year, the number of attacks overall rose by 81 percent. The Internet Security Threat Report, 2011 Trends cites the ready availability of Web attack kits that make it easy to “tweak” a vulnerability rather than invent new ones. (The report is available at no cost; registration is not required.)

In fact, says Symantec, the number of unique malware variations increased by 41 percent last year. Server-side polymorphism attacks were particularly popular. “This technique enables attackers to generate an almost unique version of their malware for each potential victim,” the report explains. The lack of truly new vulnerabilities was echoed by Microsoft last week in its Security Intelligence Report.

Mobile applications are growing as a delivery medium. As Liam O Murchu, manager of operations at Symantec Security Response, explained to me, hackers are taking existing applications, inserting their code, then reposting them online. Unsuspecting users, mistaking the infected application for the legitimate one, download it. “Android devices are particularly vulnerable to this because it’s more common for users of that platform to download applications from unregulated, third-party Web sites.”

Automation may play a part in this trend. A new report from Imperva, Hacker Intelligence Initiative, Monthly Trend Report #9, notes that automatic tools enable an attacker to target more applications and take advantage of more vulnerabilities than manual methods allow. “The automatic tools that are available online save the attacker the trouble of studying attack methods and coming up with exploits to applications’ vulnerabilities. An attacker can just pick a set of automatic attack tools from the ones that are freely available online, install them, point them at lucrative targets, and reap the results.” Imperva’s 12-page report is available for free; no registration is required.

The Imperva report notes that “Automatic tools open new avenues for evading security defenses. For example, such a tool can periodically change the HTTP User Agent header that is usually sent in each request to an application and that may be used to identify and block malicious clients. As another example, sophisticated automatic tools can split the attack between several controlled hosts, thus evading being blacklisted.”
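Both evasions described in the Imperva passage leave traces in web access logs that a defender can look for. The following is an added example, not taken from the Imperva report or from this article; the log lines are constructed, and the function names, window and thresholds are hypothetical choices that would need tuning against a site's normal traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in combined log format; IPs are documentation-range addresses.
SAMPLE_LOG = '''\
198.51.100.7 - - [02/May/2012:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.7 - - [02/May/2012:10:00:03 +0000] "GET /item.php?id=2 HTTP/1.1" 200 512 "-" "Opera/9.80 (X11; Linux)"
198.51.100.7 - - [02/May/2012:10:00:05 +0000] "GET /item.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 8.0)"
203.0.113.10 - - [02/May/2012:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh)"
203.0.113.10 - - [02/May/2012:10:01:06 +0000] "GET /about.html HTTP/1.1" 200 700 "-" "Mozilla/5.0 (Macintosh)"
192.0.2.21 - - [02/May/2012:10:02:00 +0000] "GET /search.php?q=probe HTTP/1.1" 500 120 "-" "Mozilla/5.0 (X11)"
192.0.2.22 - - [02/May/2012:10:02:01 +0000] "GET /search.php?q=probe HTTP/1.1" 500 120 "-" "Mozilla/5.0 (X11)"
192.0.2.23 - - [02/May/2012:10:02:02 +0000] "GET /search.php?q=probe HTTP/1.1" 500 120 "-" "Mozilla/5.0 (X11)"
'''
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def parse(log_text):
    """Return (ip, timestamp, request_target, user_agent) for each parsable line."""
    events = []
    for m in map(LINE_RE.match, log_text.splitlines()):
        if m:
            ip, ts, target, ua = m.groups()
            events.append((ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), target, ua))
    return events

def rotating_user_agents(events, window=timedelta(minutes=5), threshold=3):
    """Map flagged source IP -> most distinct User-Agents seen inside any one window."""
    by_ip = defaultdict(list)
    for ip, ts, _target, ua in events:
        by_ip[ip].append((ts, ua))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window start forward
            distinct = len({ua for _, ua in hits[start:end + 1]})
            if distinct >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def distributed_requests(events, min_hosts=3):
    """Map parameterised request target -> source IPs, when min_hosts or more sent it."""
    by_target = defaultdict(set)
    for ip, _ts, target, _ua in events:
        if "?" in target:  # heuristic: identical query strings from many hosts
            by_target[target].add(ip)
    return {t: sorted(ips) for t, ips in by_target.items() if len(ips) >= min_hosts}
```

Keying the second check on the request rather than on the client is what lets it survive the split across hosts: blocking any single address leaves the other sources untouched, but the repeated request still groups them.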

Yes, hackers are still after information, but the techniques vary by month. “Hackers can try something this month, then switch to something else next month,” O Murchu said. Mobile users are also facing increased problems from mobile hackers in the form of premium text rates or phone calls. (Whereas credit cards were worth between 40 and 80 cents to hackers, a premium SMS text can cost a mobile user $9.99.)

Indeed, just last week Symantec said it observed a new mobile threat that takes advantage of users of Android devices by exploiting the popular Biophilia app. “Once users download the Trojanized Biophilia app, they are able to stream music just as the app promises,” a spokesman says, but it also launches a malicious background service that’s part of the Android.Golddream malware family, which “indicates the authors of this threat likely intend to use infected devices to generate revenue via premium SMS scams.”

Spam levels have dropped, which any mail administrator will be happy to know, so that delivery mechanism is playing a smaller role in spreading malware. The report credits “law enforcement action which shut down Rustock, a massive, worldwide botnet that was responsible for sending out large amounts of spam.”

Of course, whenever one medium fades, another takes its place -- in this case, social networks. “The very nature of social networks make users feel that they are amongst friends and perhaps not at risk.” Social networks also make it easier for malware to spread virally. Clearly, security administrators have some user educating to do.

Symantec also found that the targets themselves are changing. In 2011, large enterprises were no longer the key target. Last year, 50 percent of attacks were aimed at companies with fewer than 2500 employees, and another 18 percent went after companies with no more than 250 employees.

Upper management used to be a favorite target; last year, 58 percent of attacks were directed at “other job functions such as Sales, HR, Executive Assistants, and Media/Public Relations.” The report points out that people in these positions are likely to receive messages with attachments (and presumably aren’t averse to clicking on attachment icons).

A final disturbing note: Over 232 million identities were stolen globally in 2011. Symantec says that “the most frequent cause of data breaches (across all sectors) was theft or loss of a computer or other medium on which data is stored or transmitted, such as a USB key or a back-up medium. Theft or loss accounted for 34.3 percent of breaches that could lead to identities exposed.”